Suppose I want to send a command to a print server on a netwerk that has been secured with Kerberos. To do so, I authenticate myself to the KDC and get a TGT, and then another ticket from the TGS for ...

When analysing Kerberos exchange (and other similars as Needham, Denning, etc.) I wonder why the first message where the identities of the client and remote are not encrypted.
In case not encrypted I ...

The Certificate Enrollment Policy Web Service and the Certificate Enrollment Web Service are made for non domain connected machines to retrieve certificates of various kinds.
When setting this up, I ...

This is the scenario I need to cover:
A WebService that trusts on an IdP using Ws-Trust or any thing like that, receives a SAML token to authenticate the user, and we need to call some SQL Server or ...

I posted this question over on Crypto.SE, but didn't get any takers and thought it might be more suited for this site as it were, so I'm cross posting it here.
I was recently looking through the Mac ...

I am running MIT Kerberos V and I would like to automate the creation of principals. The page here
explains how to do this by providing principal names and passwords on the command line like so:
awk ...

I am looking at a text that mentions that the Secure European System for Applications in a Multi-vendor Environment (SESAME) was designed to address some of Kerberos weakness, with enhancements such ...

I have a school project where i am supposed to implement a Kerberos based infrastructure (AS, TGS and resource server).
It is already done and working, but i started thinking about how to protect the ...

During client authentication, neither the secret key nor the password is sent to the KDC. If a user changes their password on the client, how is the password updated in the password database in the ...

Built environment 1) Exchange server: The operator system of Exchange server is Windows Server2008R2, We configured it as Active Directory (primary domain controller) used for client authentication ...

What are the relative advantages of Heimdal and MIT Kerberos now MIT is freely exportable?
Ones I've come across so far that might be relevant to my particular project is that it seems MIT supports ...

It is a well known security risk that LSASS stores clear-text passwords if a user has performed a keyboard-interactive logon on a machine - be it local login to his/her workstation or using RDP to a ...

I'm a bit confused with some different network security techniques.
Say we want a secure communication with a particular mail server in a remote company network. Reading and sending mails should be ...

I would like to know what makes up a TGT ticket?
The reason is that we've noticed the more Windows AD groups the account is in, the larger the size of the ticket. We've also noticed that when we clear ...

I understand that Kerberos is used as an authentication protocol. However, would it be possible to achieve a similar effect as Diffie-Hellman with Kerberos i.e. establish a session key which can be ...

Bear with me, I know this is sloppy, but here is the back story:
We have a partner that uses Jira and is using spnego with a custom auth back-end that expects certain group membership in the token. ...

Could someone summarise why realms are necessary in Kerberos and the advantages of the concept.
I'm struggling to isolate everything I know / beginning to understand into some well defined points for ...

I would want to use SPNEGO/Kerberos protocol on a public internet webserver for specific remote ip addresses coming from corporate intranet. Other authentications methods are used for other addresses ...

We're using IPA to centralize our authentication and I found an option to add a public key for each user. After doing a little research I found this to be an extension to Kerberos 5, RFC4556.
From my ...

On the last step of Kerberos, the client sends the target server a ticket and an authenticator. One of the authenticator's parts is a timestamp. The timestamp is said to prevent replay attacks, as the ...

Heys all I've got a nub question, I was wondering
What does it mean to encrypt a password using another password?
For example I want to encrypt a password foo using a password bar, does it mean that ...